X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=sales%2Fincludes%2Fdb%2Fsales_order_db.inc;h=25e39abf579fb66c7da65065ffd856a96d810421;hb=ec3b5ef00ee07bdf7559c8bdb6f857b7464c3fbe;hp=72f54eebdc0d9039cd39ecddff0b7a3e6023c204;hpb=7a50c189ea995d5fe6785feb7710c00396065d2b;p=fa-stable.git
diff --git a/sales/includes/db/sales_order_db.inc b/sales/includes/db/sales_order_db.inc
index 72f54eeb..25e39abf 100644
--- a/sales/includes/db/sales_order_db.inc
+++ b/sales/includes/db/sales_order_db.inc
@@ -54,15 +54,20 @@ function add_sales_order(&$order)
 $sql = "INSERT INTO ".TB_PREF."sales_orders (type, debtor_no, branch_code, customer_ref, comments, ord_date, order_type, ship_via, deliver_to, delivery_address, contact_phone, contact_email, freight_cost, from_stk_loc, delivery_date)
- VALUES ('" . $order_type . "', '" . $order->customer_id . "', '" . $order->Branch . "', '".
- $order->cust_ref ."','". db_escape($order->Comments) ."','" .
- date2sql($order->document_date) . "', '" .
- $order->default_sales_type . "', " .
- $_POST['ship_via'] .",'" . $order->deliver_to . "', '" .
- $order->delivery_address . "', '" .
- $order->phone . "', '" . $order->email . "', " .
- $order->freight_cost .", '" . $order->Location ."', '" .
- $del_date . "')";
+ VALUES (" .db_escape($order_type) . "," . db_escape($order->customer_id) .
+ ", " . db_escape($order->Branch) . ", ".
+ db_escape($order->cust_ref) .",".
+ db_escape($order->Comments) .",'" .
+ date2sql($order->document_date) . "', " .
+ db_escape($order->sales_type) . ", " .
+ db_escape($order->ship_via)."," .
+ db_escape($order->deliver_to) . "," .
+ db_escape($order->delivery_address) . ", " .
+ db_escape($order->phone) . ", " .
+ db_escape($order->email) . ", " .
+ db_escape($order->freight_cost) .", " .
+ db_escape($order->Location) .", " .
+ db_escape($del_date) . ")";
 db_query($sql, "order Cannot be Added");
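Review bot: `date2sql($order->document_date)` is now the only VALUES entry still wrapped in hand-written quotes (`.",'" .` on the line before, `. "', " .` after it) while every neighbour relies on db_escape() supplying its own quoting; the mixed style is easy to get wrong on the next edit and only stays safe as long as date2sql() always returns a canonical date string. Passing it through the same helper, `db_escape(date2sql($order->document_date)) . ", " .` with the preceding line ending `.",".`, keeps the statement uniform. Replacing `$_POST['ship_via']` with `db_escape($order->ship_via)` is the right direction, since the statement no longer reads `$_POST` directly. add_sales_order continues past the end of the hunk.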
@@ -106,7 +111,8 @@ function add_sales_order(&$order)
 $sql = "INSERT INTO ".TB_PREF."sales_order_details (order_no, stk_code, description, unit_price, quantity, discount_percent) VALUES (";
 $sql .= $order_no .
- ",'$line->stock_id', '$line->item_description', $line->price,
+ ",".db_escape($line->stock_id).", "
+ .db_escape($line->item_description).", $line->price,
 $line->quantity, $line->discount_percent)";
 db_query($sql, "order Details Cannot be Added");
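Review bot: The rewritten detail INSERT escapes stk_code and description but still interpolates `$line->price`, `$line->quantity` and `$line->discount_percent` raw into the string, whereas the matching INSERT in update_sales_order (the `@@ -242` hunk) passes the same three fields through db_escape(); the two statements should be built the same way. Change the second added line and the context line after it to `.db_escape($line->item_description).", ".db_escape($line->price).", "` and `.db_escape($line->quantity).", ".db_escape($line->discount_percent).")";`. The enclosing function extends beyond the hunk on both sides.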
@@ -177,24 +183,23 @@ function update_sales_order($order)
 begin_transaction();
 $sql = "UPDATE ".TB_PREF."sales_orders SET type =".$order->so_type." ,
- debtor_no = '" . $order->customer_id . "',
- branch_code = '" . $order->Branch . "',
- customer_ref = '". $order->cust_ref ."',
- comments = '". db_escape($order->Comments) ."',
- ord_date = '" . $ord_date . "',
- order_type = '" . $order->default_sales_type . "',
- ship_via = " . $order->ship_via .",
- deliver_to = '" . $order->deliver_to . "',
- delivery_address = '" . $order->delivery_address . "',
- contact_phone = '" . $order->phone . "',
- contact_email = '" . $order->email . "',
- freight_cost = " . $order->freight_cost .",
- from_stk_loc = '" . $order->Location ."',
- delivery_date = '" . $del_date . "',
+ debtor_no = " . db_escape($order->customer_id) . ",
+ branch_code = " . db_escape($order->Branch) . ",
+ customer_ref = ". db_escape($order->cust_ref) .",
+ comments = ". db_escape($order->Comments) .",
+ ord_date = " . db_escape($ord_date) . ",
+ order_type = " .db_escape($order->sales_type) . ",
+ ship_via = " . db_escape($order->ship_via) .",
+ deliver_to = " . db_escape($order->deliver_to) . ",
+ delivery_address = " . db_escape($order->delivery_address) . ",
+ contact_phone = " .db_escape($order->phone) . ",
+ contact_email = " .db_escape($order->email) . ",
+ freight_cost = " .db_escape($order->freight_cost) .",
+ from_stk_loc = " .db_escape($order->Location) .",
+ delivery_date = " .db_escape($del_date). ",
 version = ".($version+1)." WHERE order_no=" . $order_no ." AND version=".$version; - db_query($sql, "order Cannot be Updated, this can be concurrent edition conflict"); $sql = "DELETE FROM ".TB_PREF."sales_order_details WHERE order_no =" . $order_no;
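Review bot: Every SET column in the rewritten UPDATE goes through db_escape() except `type`, which the untouched first context line still concatenates as `SET type =".$order->so_type." ,`, and the `WHERE order_no=" . $order_no ." AND version=".$version` tail is concatenated raw as well. If so_type, order_no and version are not already coerced to integers earlier in update_sales_order (that code is outside the hunk), `SET type = " . db_escape($order->so_type) . ",` plus an `(int)` cast on `$order_no` and `$version` in the WHERE clause would close the last unescaped values in this statement. The collapsed rendering also leaves it unclear whether the `-` marker before `db_query($sql, "order Cannot be Updated, ...")` removes only a blank line or the call itself; if the call was dropped the UPDATE never executes, which is worth confirming against the full patch. The function begins before the hunk.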
@@ -242,13 +247,13 @@ function update_sales_order($order)
 (order_no, stk_code, description, unit_price, quantity, discount_percent, qty_sent) VALUES (";
- $sql .= $order_no . ",'"
- .$line->stock_id . "','"
- .$line->item_description . "', "
- .$line->price . ", "
- .$line->quantity . ", "
- .$line->discount_percent . ", "
- .$line->qty_done ." )";
+ $sql .= $order_no . ","
+ .db_escape($line->stock_id) . ","
+ .db_escape($line->item_description) . ", "
+ .db_escape($line->price) . ", "
+ .db_escape($line->quantity) . ", "
+ .db_escape($line->discount_percent) . ", "
+ .db_escape($line->qty_done) ." )";
 db_query($sql, "Old order Cannot be Inserted");
@@ -357,7 +362,8 @@ function read_sales_order($order_no, &$order)
 $order->set_branch($myrow["branch_code"], $myrow["tax_group_id"], $myrow["tax_group_name"], $myrow["contact_phone"], $myrow["contact_email"]);
- $order->set_sales_type($myrow["sales_type_id"], $myrow["sales_type"], $myrow["tax_included"]);
+ $order->set_sales_type($myrow["sales_type_id"], $myrow["sales_type"],
+ $myrow["tax_included"], 0); // no default price calculations on edit
 $order->set_location($myrow["from_stk_loc"], $myrow["location_name"]);
@@ -365,7 +371,7 @@ function read_sales_order($order_no, &$order)
 $myrow["delivery_address"], $myrow["freight_cost"]);
 $order->cust_ref = $myrow["customer_ref"];
- $order->default_sales_type =$myrow["order_type"];
+ $order->sales_type =$myrow["order_type"];
 $order->Comments = $myrow["comments"];
 $order->due_date = sql2date($myrow["delivery_date"]);
 $order->document_date = sql2date($myrow["ord_date"]);
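Review bot: On the first rewritten line `$sql .= $order_no . ","`, `$order_no` is the only value in this INSERT not passed through db_escape(), while every `$line` field on the six lines that follow is. Where `$order_no` comes from is outside the hunk; if it is taken from the order object rather than cast earlier in update_sales_order, `$sql .= db_escape($order_no) . ","` (or an explicit `(int)` cast) keeps the statement uniformly escaped. The same applies to the `$sql .= $order_no .` line in add_sales_order's detail INSERT (the `@@ -106` hunk). The enclosing function starts before and ends after this hunk.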
@@ -446,8 +452,10 @@ function get_customer_to_order($customer_id) {
 .TB_PREF."debtors_master.sales_type AS salestype, "
 .TB_PREF."sales_types.sales_type, "
 .TB_PREF."sales_types.tax_included, "
+ .TB_PREF."sales_types.factor, "
 .TB_PREF."debtors_master.curr_code, "
- .TB_PREF."debtors_master.discount
+ .TB_PREF."debtors_master.discount,"
+ .TB_PREF."debtors_master.pymt_discount
 FROM ".TB_PREF."debtors_master, "
 .TB_PREF."credit_status, "
 .TB_PREF."sales_types